CVE-2025-68717
Unknown Unknown - Not Provided
Authentication Bypass in KAYSUS KS-WR3600 Router Firmware Allows Privilege Escalation

Publication date: 2026-01-08

Last updated on: 2026-02-02

Assigner: MITRE

Description
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68717
EUVD
EUVD-2026-1451
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
kaysus ks-wr3600 1.0.5.9.1
kaysus ks-wr3600_firmware 1.0.5.9.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1, allowing an authentication bypass during session validation. If any user is logged in, certain endpoints like /cgi-bin/system-tool accept unauthenticated requests even with empty or invalid session values. This flaw enables attackers to piggyback on another user's active session to access sensitive configuration data or perform privileged actions without needing to authenticate.

Impact Analysis

The vulnerability can allow attackers to gain unauthorized access to sensitive router configuration data and execute privileged actions without authentication. This can lead to compromise of network security, unauthorized changes to device settings, potential disruption of network services, and exposure of sensitive information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68717. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart